From: shylou <liuxie...@163.com> DHCP for VM fails when removing default security group rules using a CMS like Neutron ML2/OVN [1]. This is because DHCP requests from VMs may be dropped by ACLs. To fix this issue, we add a lflow with a priority of 34000 to allow DHCP requests from the logical port if the CMS has enabled native DHCPv4 for this port.
[1]https://bugs.launchpad.net/neutron/+bug/1926515 Signed-off-by: Xie Liu <liushy...@gmail.com> --- northd/northd.c | 10 ++++++++++ tests/ovn-northd.at | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/northd/northd.c b/northd/northd.c index 2c3560ce2..ca641a19e 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -8414,6 +8414,16 @@ build_dhcpv4_options_flows(struct ovn_port *op, meter_groups), &op->nbsp->dhcpv4_options->header_, lflow_ref); + /* Add 34000 priority flow to allow DHCP request from the lport + * if the CMS has enabled native DHCPv4 for this lport. + * */ + ovn_lflow_add_with_lport_and_hint(lflows, op->od, + S_SWITCH_IN_ACL_EVAL, 34000, + ds_cstr(&match), + REGBIT_ACL_VERDICT_ALLOW" = 1; next;", + op->key, + &op->nbsp->header_, + lflow_ref); ds_clear(&match); /* If REGBIT_DHCP_OPTS_RESULT is set, it means the diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 6fdd761da..7657aefff 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -4897,6 +4897,11 @@ ovn-nbctl --wait=sb lsp-set-dhcpv4-options sw0-port1 $CIDR_UUID ovn-sbctl dump-flows sw0 > sw0flows AT_CAPTURE_FILE([sw0flows]) +AT_CHECK([grep "_acl_eval" sw0flows | grep sw0-port1 | ovn_strip_lflows], [0], [dnl + table=??(ls_in_acl_eval ), priority=34000, match=(inport == "sw0-port1" && eth.src == 50:54:00:00:00:01 && (ip4.src == {10.0.0.2, 0.0.0.0} && ip4.dst == {10.0.0.1, 255.255.255.255}) && udp.src == 68 && udp.dst == 67), action=(reg8[[16]] = 1; next;) + table=??(ls_out_acl_eval ), priority=34000, match=(outport == "sw0-port1" && eth.src == c0:ff:ee:00:00:01 && ip4.src == 10.0.0.1 && udp && udp.src == 67 && udp.dst == 68), action=(reg8[[16]] = 1; next;) +]) + AT_CHECK([grep -w "ls_in_dhcp_options" sw0flows | ovn_strip_lflows], [0], [dnl table=??(ls_in_dhcp_options ), priority=0 , match=(1), action=(next;) table=??(ls_in_dhcp_options ), priority=100 , match=(inport == "sw0-port1" && eth.src == 50:54:00:00:00:01 && (ip4.src == {10.0.0.2, 0.0.0.0} && ip4.dst == {10.0.0.1, 255.255.255.255}) && udp.src == 68 && udp.dst == 67), action=(reg0[[3]] = put_dhcp_opts(offerip = 10.0.0.2, hostname = "foo", lease_time = 3600, netmask = 255.255.255.0, router = 10.0.0.1, server_id = 10.0.0.1); next;) -- 2.42.0.windows.2 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
